State audit red flags Millbrook Central School District’s IT Dept.

MILLBROOK — The Millbrook Central School District (MCSD) was called out by the New York State Comptroller’s Office during a recent audit for several red flags found during the review. It was the result of  an Information Technology (IT) audit released on Aug. 20; the objective was to determine if officials at the MCSD established adequate controls over user accounts in order to prevent unauthorized access, use and loss. 

According to Comptroller Thomas DiNapoli, they did not have adequate controls over user accounts, did not prevent unauthorized access, use or loss and did not periodically review and disable unneeded network user accounts. Additionally, the audit found that the MCSD did not develop a breach notification policy as mandated by New York State law. 

“When we heard they were going to audit us, we looked at it as a good thing,” said President of the Millbrook Board of Education (BOE) Perry Hartswick. “With so many technical challenges from COVID, any extra eyes were a good thing. What they found were important issues, but simple.”

The audit, which was conducted from July 1, 2019 through Nov. 8, 2020, showed the accounts of 46 students no longer enrolled in the district were active, as were the accounts of 13 employees who left their jobs and did not have their accounts disabled from the years 2013-2018. Nine generic accounts were also not disabled for the years 2015-2018.

According to the review, “the user accounts provided access to the district’s network and should have been actively managed to minimize the risk of misuse.” If not, it warned, those accounts could be “potential entry points for attackers to inappropriately access and view Personal, Private or Sensitive Information (PPSI) on the network.” 

The state also advised that districts should have “written procedures in place for granting, changing and revoking user permissions to the network; also, to minimize the risk of unauthorized access, district officials should regularly review enabled network user accounts to ensure they are still needed. Officials must disable unnecessary or unneeded accounts promptly, including user accounts of former employees.”

Recommendations made were for the district “to develop written procedures to manage system access, which will include a periodic review of user access and disabling user accounts when access is no longer needed.” DiNapoli also recommended the development of a breach notification policy.

The MCSD serves not only the village of Millbrook, but the towns of Washington, Union Vale, Clinton, LaGrange, Stanford and Pleasant Valley. Its Board of Education has seven elected board members. 

Superintendent of Schools Laura Mitchell, who began her position in January 2020, did not return multiple requests for an interview but did respond to the audit report on the district’s website, www.millbrookcsd.org. 

“The district is in agreement with these recommendations and is in the process of developing policies and procedures accordingly,” stated Mitchell. “Specifically, the district has already implemented a protocol for regular verification of student enrollment for the specific purposes of maintaining, creating or deactivating students accounts.” 

The district has 944 students and 350 employees, with network user accounts totaling 1,325.

“A parallel process is being developed for staff accounts,” added the superintendent. “The district will also continue working with our local BOCES and cyber security support partners to create an appropriate breach notification policy.”

Some residents took to Facebook to comment on the report, in less than flattering terms. 

“They keep getting money given to that department and the meetings are harder to watch now than when they were on Zoom. The camera and microphone that they have implemented is terrible.” 

Another comment simply said the report was “shocking.”

The MCSD has touted its technology department throughout the years, starting in 2004 through 2007 and again from 2016 through 2019. In April 2020, Elliott Garcia was hired as director of Technology and Data Services. 

Since then the district said it has been making great strides to update both its equipment and its IT practices to protect student and staff accounts. 

Hartswick said that since Garcia was hired he has “devised a plan and executed it, resolving the issues pointed out” in the state audit.

Latest News

Inspiring artistic inspiration at the Art Nest in Wassaic

Left to right: Emi Night (Lead Educator), Luna Reynolds (Intern), Jill Winsby-Fein (Education Coordinator).

Natalia Zukerman

The Wassaic Art Project offers a free, weekly drop-in art class for kids aged K-12 and their families every Saturday from 12 to 5 p.m. The Art Nest, as it’s called, is a light, airy, welcoming space perched on the floor of the windy old mill building where weekly offerings in a variety of different media lead by professional artists offer children the chance for exploration and expression. Here, children of all ages and their families are invited to immerse themselves in the creative process while fostering community, igniting imaginations, and forging connections.

Emi Night began as the Lead Educator at The Art Nest in January 2024. She studied painting at Indiana University and songwriting at Goddard College in Vermont and is both a visual artist and the lead songwriter and singer in a band called Strawberry Runners.

Keep ReadingShow less
Weaving and stitching at Kent Arts Association

A detail from a fabric-crafted wall mural by Carlos Biernnay at the annual Kent Arts Association fiber arts show.

Alexander Wilburn

The Kent Arts Association, which last summer celebrated 100 years since its founding, unveiled its newest group show on Friday, May 11. Titled “Working the Angles,” the exhibition gathers the work of textile artists who have presented fiber-based quilts, landscapes, abstracts, and mural-sized illustrations. The most prominently displayed installation of fiber art takes up the majority of the association’s first floor on South Main Street.

Bridgeport-based artist Carlos Biernnay was born in Chile under the rule of the late military dictator Augusto Pinochet, but his large-scale work is imbued with fantasy instead of suffering. His mix of influences seems to include Wolfgang Amadeus Mozart’s popular German libretto “The Magic Flute” — specifically The Queen of the Night — as well as Lewis Carol’s “Alice’s Adventures in Wonderland,” The Tudor Court, tantalizing mermaids and exotic flora.

Keep ReadingShow less
Let there be Night: How light pollution harms migrating birds
Alison Robey

If last month’s solar eclipse taught me anything, it’s that we all still love seeing cool stuff in the sky. I don’t think we realize how fast astronomical wonders are fading out of sight: studies show that our night skies grow about 10% brighter every year, and the number of visible stars plummets as a result. At this rate, someone born 18 years ago to a sky with 250 visible stars would now find only 100 remaining.

Vanishing stars may feel like just a poetic tragedy, but as I crouch over yet another dead Wood Thrush on my morning commute, the consequences of light pollution feel very real. Wincing, I snap a photo of the tawny feathers splayed around his broken neck on the asphalt.

Keep ReadingShow less